CRM GDPR Compliance

Really Simple Systems CRM GPDR compliance

About GDPR

The General Data Protection Regulation (GDPR) has been introduced by the European Union (EU) to protect the personal data of EU citizens. The new legislation comes into effect from 25th May 2018, enshrining the principle that a citizen’s personal data belongs to them and not to the organisation collecting it.

Replacing the Data Protection Directive 95/46/EC, GDPR has been designed to protect the data privacy of all EU citizens and empower them to control the what, when, how, where and why their personal data is used, stored, processed or deleted.

The scope of the GDPR goes beyond the borders of the EU, creating implications for any organisation that works with the personal data of any EU resident and making them responsible for the protection of that data.

High standards of data security

At Really Simple Systems CRM GDPR compliance and data protection are fundamental to our business. We understand that we have a high duty of care to protect our customers’ data, and our internal policies and procedure reflect this. Our approach is open and honest, aiming to give confidence to our customers on our integrity.

Really Simple Systems CRM GDPR compliance

Really Simple Systems complies with the provisions of GDPR both in our capacity of Data Controller of our customers’ personal data and as Data Processor for customers of our CRM. See our CRM GDPR Compliance Statement.

All customer data is stored within the EU in data centres that are ISO27001 compliant, with data on our production servers encrypted at rest

All our sub processors, where we store or pass personal data, are GDPR compliant or have committed to be so by 25th May 2018

We have in place a Data Protection Officer, a Breach Notification Process and policies for Right to Erasure & Data Portability

All our staff are subject to our Customer Data Access Policy enforced in their employment contracts

Supporting our customers

GDPR is the biggest marketing and compliance challenge businesses have faced for some time. It’s important to us to support our customers as they adapt to the changes. Over the past year we have written several articles and presented monthly webinars explaining what GDPR compliance is about and what organisations need to do to prepare for the legislation.

Whilst we stress that we are not qualified to give legal advice, we are happy to help interpret the legislation and give our opinions on what is needed.

We have also made developments to our integrated Marketing Module to include compliance tools for email marketing.

CRM GDPR compliance features

The Really Simple Systems integrated Marketing Module includes built-in GDPR compliance features, that allow users to capture and store consents. Our compliance features enable customers to collect mailing consent from new leads via a website and from an existing contact database. The Mailing & Consent Lists features records consent opt-ins and keeps an auditable log of when, how and from what IP address the consent was granted.

Your GDPR compliance checklist

Appoint a Data Processing Officer who should quickly get up to speed with the legislation

Create a list of all your systems that hold personal data: your CRM, accounting system, HR system, contact databases in email clients such as Outlook, all those spreadsheets scattered around people’s laptops with contact data in them

List of all your Data Processors, those external systems you use that hold personal data. Make sure they only hold data in the EC and are, or will be, GDPR compliant. If you are in a regulated industry get a certificate or contract warranting compliance

Start capturing consents from new enquiries now

Work out how you are going to get consents from contacts in your existing database between now and 25th May 2018

Draft a procedure for managing breach notifications, for both the regulatory body and the contacts themselves. If a breach happens you won’t have time to consider the best way to do this so have it mapped out in advance

Review and update the privacy notices and terms and conditions on your web site